Zyxel AX7501-B1 Post-Authentication Command Injection Vulnerability in Firmware through V5.17(ABPC.5.3)C0

Vulnerability

A post-authentication command injection vulnerability has been identified in the 'zyUtilMailSend' function of the Zyxel AX7501-B1 fiber ONT device. This vulnerability affects firmware versions through V5.17(ABPC.5.3)C0. The issue allows an authenticated attacker with administrator privileges to execute operating system commands on the vulnerable device. It's important to note that WAN access is disabled by default on these devices, and exploitation would only be successful if the administrator's password has been compromised.
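
The advisory names the class of bug (OS command injection in a mail-sending routine) but not its mechanics. The C sketch below is an added illustration and is not Zyxel's zyUtilMailSend code: the helper binary path `/usr/sbin/mailer`, its `-s`/`-t` options and the parameter names are assumptions. It shows how the class typically arises, with administrator-supplied settings (SMTP host, recipient) pasted into a shell command line, and the defensive pattern of allow-list validation plus a fixed argv passed to execv() so that no shell ever parses the values.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define MAIL_ARG_MAX 253   /* longest DNS name; generous for a mailbox too */

/* Vulnerable pattern (illustration only, not the vendor's code): configurable
 * settings are formatted into one command string that a caller would then hand
 * to system() or popen(). Any shell metacharacter (';', '|', '`', '$(', a
 * newline) inside smtp_host or rcpt becomes part of the command. */
int vulnerable_build_cmd(char *out, size_t outlen,
                         const char *smtp_host, const char *rcpt)
{
    int n = snprintf(out, outlen, "/usr/sbin/mailer -s %s -t %s", smtp_host, rcpt);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

/* Allow-list validation: a hostname or mail address needs only letters, digits
 * and a few punctuation characters. Everything else, including every shell
 * metacharacter and all whitespace, is rejected. Returns 1 if safe, else 0. */
int mail_arg_is_safe(const char *s)
{
    size_t len = 0;
    for (; s[len] != '\0'; len++) {
        unsigned char c = (unsigned char)s[len];
        if (len >= MAIL_ARG_MAX)
            return 0;
        if (isalnum(c) || c == '.' || c == '-' || c == '_' || c == '@' || c == '+')
            continue;
        return 0;
    }
    if (len == 0)
        return 0;
    /* a leading '-' would be parsed as an option by the helper binary */
    return s[0] != '-';
}

/* Hardened pattern: validate first, then build a fixed argv. Each value travels
 * as its own argument to execv(), so there is no command line to inject into.
 * Returns 0 on success, -1 if an argument is rejected or argv is too small. */
int hardened_build_argv(char *argv[], size_t argc_max,
                        const char *smtp_host, const char *rcpt)
{
    if (argc_max < 6)
        return -1;
    if (!mail_arg_is_safe(smtp_host) || !mail_arg_is_safe(rcpt))
        return -1;
    argv[0] = "/usr/sbin/mailer";   /* assumed helper path */
    argv[1] = "-s"; argv[2] = (char *)smtp_host;
    argv[3] = "-t"; argv[4] = (char *)rcpt;
    argv[5] = NULL;
    return 0;
}

/* Runs a prepared argv with fork/execv (no shell) and returns the child's exit
 * status, or -1 on failure to fork or wait. */
int run_argv(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127); /* exec failed; report it without ever invoking a shell */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char cmd[512];
    char *argv[6];
    const char *host = "smtp.example.net";
    const char *rcpt = "user@example.net;id";   /* constructed hostile value */

    if (vulnerable_build_cmd(cmd, sizeof cmd, host, rcpt) == 0)
        printf("vulnerable command line: %s\n", cmd);
    printf("hardened path accepts hostile recipient: %s\n",
           hardened_build_argv(argv, 6, host, rcpt) == 0 ? "yes" : "no (rejected)");
    return 0;
}
```

The decisive change is not the character filter but the removal of the shell: with execv() the metacharacters have no interpreter to reach, and the allow-list is a second layer that also blocks option-injection through a leading '-'. When reviewing firmware that shells out for mail, SNMP, ping or similar helpers, look for the snprintf-then-system() shape shown in the vulnerable function.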

Impact

Exploitation of this vulnerability could lead to unauthorized execution of operating system commands on the affected device, potentially allowing for further exploitation or manipulation of the device's functions or data.

Remediation

Users are advised to update to version V5.17(ABPC.6)C0, which is available through the Zyxel Update Catalog. For devices acquired through an ISP, contact the ISP's support team for assistance.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 7.5
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.